Linux · 2012-09-01

Configuring Internet connection sharing on Ubuntu

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
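iptables -t nat -A POSTROUTING -o br-lan -j MASQUERADE

Normally, after plugging in the network card you can configure its IP with Ubuntu's built-in network tool (static, DHCP and so on); there is no need to edit the interfaces file by hand.

After plugging in the cable and setting the IP on the corresponding network card, the client and the dual-NIC host should be able to ping each other. If ping fails, first check whether a firewall is installed, then check the cable and the ports.

The main question now is how to share the Internet connection. The method is as follows:

1. Edit /etc/rc.local and add the following to it: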

iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

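iptables --insert FORWARD --in-interface eth0 -j ACCEPT

The first line flushes all existing iptables rules. Whether to do this depends on your needs; if you have important routing rules, it is best not to flush them.

The second and third lines allow packets to be received and forwarded (the default policy of the INPUT and FORWARD chains is set to ACCEPT).

The fourth line does NAT on the eth0 interface. Note that NAT must be done on the interface that has the external IP.

2. Edit /etc/sysctl.conf and add the following line: net.ipv4.ip_forward = 1. This turns on the packet forwarding that NAT relies on: 1 means forward, 0 means do not forward.

After rebooting, first bring up the external connection, then try reaching the Internet from the client; it should work.

To disable IPv6, add the following lines to /etc/sysctl.conf and reboot.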

#disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Another way.

/etc/network/interfaces

First you need to configure eth0 and eth1 for Skyray. Edit the file and make sure it has at least the following settings (or whatever settings are appropriate for your environment).

sudo vim /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.20.30.77
    netmask 255.255.255.0
    gateway 10.20.30.1
    network 10.20.30.0
    broadcast 10.20.30.255
    dns-nameservers 10.20.30.15 10.20.30.16
    dns-search codeghar.com

auto eth1
iface eth1 inet static
    address 172.22.22.1
    netmask 255.255.255.0
    network 172.22.22.0
    broadcast 172.22.22.255

/etc/sysctl.conf

You need to enable IPv4 forwarding. To do so, edit this file.

sudo vim /etc/sysctl.conf

And uncomment the line

# net.ipv4.ip_forward=1

so that it now appears as

net.ipv4.ip_forward=1

Save the file and run the following command to make the change effective without a reboot.

sudo sysctl -w net.ipv4.ip_forward=1

/etc/rc.local

You’ll need iptables rules in place for NAT to work. Edit the file and save it.

sudo vim /etc/rc.local

Make sure the following two lines appear before the exit 0 line in the file.

/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE

To make these iptables rules active without rebooting, run the following commands:

sudo iptables -P FORWARD ACCEPT

sudo iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
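
An added example, not part of the original post: a check that reads `iptables-save` output and flags the two settings in the rules above that are wider than connection sharing needs, a FORWARD policy of ACCEPT and MASQUERADE with no source subnet. The helper name `audit_gateway_rules` and both rule dumps are constructed for illustration, assuming eth0 is the outside interface and eth1 serves 172.22.22.0/24 as configured above.

```shell
#!/bin/sh
# Constructed, abbreviated sample: `iptables-save` output after the rc.local rules above.
PAGE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed sample: same gateway, forwarding limited to eth1 (LAN) -> eth0 (outside).
TIGHT_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.22.22.0/24 -i eth1 -o eth0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.22.22.0/24 -o eth0 -j MASQUERADE
COMMIT'

# audit_gateway_rules (hypothetical helper): reads iptables-save text on stdin,
# prints one "code: explanation" line per finding, and nothing when clean.
audit_gateway_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }   # "*filter" or "*nat" starts a table
        table == "filter" && /^:FORWARD ACCEPT/ {
            print "forward-policy-accept: every packet routed through the host is forwarded"
        }
        table == "filter" && /^:FORWARD DROP/ { drop = 1 }
        table == "filter" && /^-A FORWARD/ && /ESTABLISHED/ && /-j ACCEPT/ { ret = 1 }
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ && !/ -s / {
            print "masquerade-any-source: NAT is not limited to the LAN subnet"
        }
        END {
            # Edge case: tightening the policy without a reply rule breaks sharing.
            if (drop && !ret) print "no-return-rule: FORWARD is DROP but replies are not accepted"
        }
    '
}

echo "page rules:";  printf '%s\n' "$PAGE_RULES"  | audit_gateway_rules
echo "tight rules:"; printf '%s\n' "$TIGHT_RULES" | audit_gateway_rules
```

On a live gateway the same function can be fed with `sudo iptables-save | audit_gateway_rules`.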

Install DHCP server

sudo aptitude install isc-dhcp-server

/etc/dhcp/dhcpd.conf

Configure your newly installed DHCP server. Edit the file and save.

sudo vim /etc/dhcp/dhcpd.conf

The file is very well commented and you can learn a lot reading it. Just make sure it has at least the following configuration.

ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "codeghar.com";
option domain-name-servers 10.20.30.15, 10.20.30.16;

default-lease-time 3600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# This is a very basic subnet declaration.

subnet 172.22.22.0 netmask 255.255.255.0 {
  range 172.22.22.21 172.22.22.250;
  option subnet-mask 255.255.255.0;
  option broadcast-address 172.22.22.255;
  option routers 172.22.22.1;
}

/etc/default/isc-dhcp-server

We want to serve DHCP only on the eth1 interface, so we need to configure it that way. Edit the file and save it.

sudo vim /etc/default/isc-dhcp-server

The line will look like this before you change it

INTERFACES=""

And after you change it, it will look like this:

INTERFACES="eth1"

Now you should stop and start the DHCP server.

sudo service isc-dhcp-server stop (if the service is already running; skip if it’s not running)

sudo service isc-dhcp-server start

Conclusion

Now any machines you have on the 172.22.22.0/24 network will get their IP address from Skyray if they are set to DHCP. And Skyray will also serve as their gateway.